Lucene search
K

532 matches found

Code423n4
Code423n4
added 2021/11/21 12:0 a.m.5 views

Total Supply Does Not Change During the Burn/Mint

Handle defsec Vulnerability details Impact During the dynamic test, The Burn and Mint function does not increase/decrease total supply. That will cause liquidity loss on the protocol. Proof of Concept 1. Navigate to the following contracts. "" "" 2. Totalsupply is not adjusted according to...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/11/18 10:9 a.m.4 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2021/11/17 4:59 p.m.5 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
Code423n4
Code423n4
added 2021/11/17 12:0 a.m.11 views

Missing Emergency Pause Check

Handle defsec Vulnerability details Impact During the manual code review, It has been observed that minting progress is not checked when the contract is emergency paused. This can cause misfunctionality and unlocking user funds during the emergency pausing. Proof of Concept 1- Navigate to ""...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/11/16 11:37 a.m.5 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
Code423n4
Code423n4
added 2021/11/16 12:0 a.m.11 views

setGuardian() Wrong implementation

Handle WatchPug Vulnerability details function setGuardianaddress guardian external onlyGovernance; governance = guardian; function setGuardianaddress guardian external onlyGovernance; governance = guardian; governance = guardian should be guardian = guardian. --- The text was updated successfull...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.9 views

XVader.sol : loss of user funds during 'leave' function

Handle shri4net Vulnerability details Impact Unintended Fee is charged to user while using 'leave' function in XVader.sol as part of the voting/governance. Proof of Concept Ref contracts/x-vader/XVader.sol, function leave Ref contracts/tokens/Vader.sol, function transfer Example, User locks 100...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/13 12:0 a.m.7 views

Copy your own portfolio to keep earning royalties

Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol going through the create function which leads to the sendFeesWithRoyalties = addShares function, Im not seeing any checks preventing someone from copying their own portfolio and receiving royalty shares for it and simply repeating...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/12 12:0 a.m.10 views

Multicall.sol batch calls don't update msg.value

Handle jayjonah8 Vulnerability details Impact In NestedFactory.sol using Multicall.sol can be dangerous when it has a msg.value inside a loop since the msg.value doesn't update every iteration. This can lead to a user sending ETH one time and it being counted for every iteration. There is a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.9 views

Users Can Frontrun revoke() By Calling vest()

Handle leastwood Vulnerability details Impact The onlyOwner role typically calls revoke if a member leaves the BootFinance team, resulting in vested tokens being transferred to the multisig account. Each vesting account has a revocable state variable that is set to either true or false. As any us...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.5 views

Inconsistent balance when supplying transfer-on-fee or deflationary tokens

Handle Reigada Vulnerability details Impact In the contract StakingRewards, the stake function assume that the amount of stakingToken is transferred to the smart contract after calling the safeTransferFrom function and thus it updates the balances mapping. However, this may not be true if the...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/11/10 9:47 a.m.6 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2021/11/10 9:40 a.m.5 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2021/11/10 9:15 a.m.17 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2021/11/10 9:7 a.m.3 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2021/11/10 9:4 a.m.5 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3CVSS7.3AI score0.12205EPSS
Exploits4References9
Code423n4
Code423n4
added 2021/11/08 12:0 a.m.14 views

Unable to claim vesting due to unbounded timelock loop

Handle nathaniel Vulnerability details Impact The timelocks for any beneficiary are unbounded, and can be vested by someone who is not the beneficiary. When the array becomes significantly big enough, the vestments will no longer be claimable for the beneficiary. The vest function in Vesting.sol...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/07 12:0 a.m.9 views

Invalid validity check

Handle fr0zn Vulnerability details Vulnerability Details On the AirdropDistribution.sol, inside the validate function line 506 , the validatedmsg.sender is not checked and the validation for an already airdropped user is done using the airdropmsg.sender.amount value. Provide a detailed descriptio...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/07 12:0 a.m.10 views

Invalid or missing validity check

Handle fr0zn Vulnerability details Vulnerability Details On the AirdropDistribution.sol, inside the validate function line 506 , the validatedmsg.sender is not checked and the validation for an already airdropped user is done using the airdropmsg.sender.amount value. Provide a detailed descriptio...

7AI score
Exploits0
CNVD
CNVD
added 2021/11/01 12:0 a.m.30 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

8.7CVSS4.2AI score0.60729EPSS
Exploits0References1
Rows per page
Query Builder